Examples with DERSequence org.gudy.bouncycastle.asn1.DERSequence used on opensource projects

Example 66 with DERSequence

use of org.gudy.bouncycastle.asn1.DERSequence in project pac4j by pac4j.

the class SAML2ClientConfiguration method createSelfSignedCert.

/**
 * Generate a self-signed certificate for dn using the provided signature algorithm and key pair.
 *
 * @param dn X.500 name to associate with certificate issuer/subject.
 * @param sigName name of the signature algorithm to use.
 * @param sigAlgID algorithm ID associated with the signature algorithm name.
 * @param keyPair the key pair to associate with the certificate.
 * @return an X509Certificate containing the public key in keyPair.
 * @throws Exception
 */
private X509Certificate createSelfSignedCert(X500Name dn, String sigName, AlgorithmIdentifier sigAlgID, KeyPair keyPair) throws Exception {
    V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();
    certGen.setSerialNumber(new ASN1Integer(BigInteger.valueOf(1)));
    certGen.setIssuer(dn);
    certGen.setSubject(dn);
    certGen.setStartDate(new Time(new Date(System.currentTimeMillis() - 1000L)));
    final Calendar c = Calendar.getInstance();
    c.setTime(new Date());
    c.add(Calendar.YEAR, 1);
    certGen.setEndDate(new Time(c.getTime()));
    certGen.setSignature(sigAlgID);
    certGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    Signature sig = Signature.getInstance(sigName);
    sig.initSign(keyPair.getPrivate());
    sig.update(certGen.generateTBSCertificate().getEncoded(ASN1Encoding.DER));
    TBSCertificate tbsCert = certGen.generateTBSCertificate();
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCert);
    v.add(sigAlgID);
    v.add(new DERBitString(sig.sign()));
    X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
    // check the certificate - this will confirm the encoded sig algorithm ID is correct.
    cert.verify(keyPair.getPublic());
    return cert;
}

Example 67 with DERSequence

use of org.gudy.bouncycastle.asn1.DERSequence in project BiglyBT by BiglySoftware.

the class EncryptionScheme method getDERObject.

@Override
public DERObject getDERObject() {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(objectId);
    v.add(obj);
    return new DERSequence(v);
}

Example 68 with DERSequence

use of org.gudy.bouncycastle.asn1.DERSequence in project BiglyBT by BiglySoftware.

the class PKCS7SignedData method getEncoded.

/**
 * return the bytes for the PKCS7SignedData object.
 */
public byte[] getEncoded() {
    try {
        digest = sig.sign();
        // Create the set of Hash algorithms. I've assumed this is the
        // set of all hash agorithms used to created the digest in the
        // "signerInfo" structure. I may be wrong.
        // 
        ASN1EncodableVector v = new ASN1EncodableVector();
        for (Iterator i = digestalgos.iterator(); i.hasNext(); ) {
            AlgorithmIdentifier a = new AlgorithmIdentifier(new DERObjectIdentifier((String) i.next()), null);
            v.add(a);
        }
        DERSet algos = new DERSet(v);
        // Create the contentInfo. Empty, I didn't implement this bit
        // 
        DERSequence contentinfo = new DERSequence(new DERObjectIdentifier(ID_PKCS7_DATA));
        // Get all the certificates
        // 
        v = new ASN1EncodableVector();
        for (Iterator i = certs.iterator(); i.hasNext(); ) {
            DERInputStream tempstream = new DERInputStream(new ByteArrayInputStream(((X509Certificate) i.next()).getEncoded()));
            v.add(tempstream.readObject());
        }
        DERSet dercertificates = new DERSet(v);
        // Create signerinfo structure.
        // 
        ASN1EncodableVector signerinfo = new ASN1EncodableVector();
        // Add the signerInfo version
        // 
        signerinfo.add(new DERInteger(signerversion));
        IssuerAndSerialNumber isAnds = new IssuerAndSerialNumber(new X509Name((ASN1Sequence) getIssuer(signCert.getTBSCertificate())), new DERInteger(signCert.getSerialNumber()));
        signerinfo.add(isAnds);
        // Add the digestAlgorithm
        // 
        signerinfo.add(new AlgorithmIdentifier(new DERObjectIdentifier(digestAlgorithm), new DERNull()));
        // 
        // Add the digestEncryptionAlgorithm
        // 
        signerinfo.add(new AlgorithmIdentifier(new DERObjectIdentifier(digestEncryptionAlgorithm), new DERNull()));
        // 
        // Add the digest
        // 
        signerinfo.add(new DEROctetString(digest));
        // 
        // Finally build the body out of all the components above
        // 
        ASN1EncodableVector body = new ASN1EncodableVector();
        body.add(new DERInteger(version));
        body.add(algos);
        body.add(contentinfo);
        body.add(new DERTaggedObject(false, 0, dercertificates));
        if (crls.size() > 0) {
            v = new ASN1EncodableVector();
            for (Iterator i = crls.iterator(); i.hasNext(); ) {
                DERInputStream t = new DERInputStream(new ByteArrayInputStream((((X509CRL) i.next()).getEncoded())));
                v.add(t.readObject());
            }
            DERSet dercrls = new DERSet(v);
            body.add(new DERTaggedObject(false, 1, dercrls));
        }
        // Only allow one signerInfo
        // 
        body.add(new DERSet(new DERSequence(signerinfo)));
        // Now we have the body, wrap it in it's PKCS7Signed shell
        // and return it
        // 
        ASN1EncodableVector whole = new ASN1EncodableVector();
        whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA));
        whole.add(new DERTaggedObject(0, new DERSequence(body)));
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dout = new DEROutputStream(bOut);
        dout.writeObject(new DERSequence(whole));
        dout.close();
        return bOut.toByteArray();
    } catch (Exception e) {
        throw new RuntimeException(e.toString());
    }
}

Example 69 with DERSequence

use of org.gudy.bouncycastle.asn1.DERSequence in project keystore-explorer by kaikramer.

the class PolicyMapping method toASN1Primitive.

@Override
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector dv = new ASN1EncodableVector();
    dv.add(issuerDomainPolicy);
    dv.add(subjectDomainPolicy);
    return new DERSequence(dv);
}

Example 70 with DERSequence

use of org.gudy.bouncycastle.asn1.DERSequence in project keystore-explorer by kaikramer.

the class SubjectInfoAccess method toASN1Primitive.

@Override
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector vec = new ASN1EncodableVector();
    Iterator<AccessDescription> it = accessDescriptions.iterator();
    while (it.hasNext()) {
        vec.add(it.next().toASN1Primitive());
    }
    return new DERSequence(vec);
}